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DETAILED ACTION 

1 . This action is issued in response to applicant's amendment filed September 5, 
2006. 

2. Claims 1-55 are presented. No claims added and none cancelled. 

3. Claims 16-18 and 36-55 remain withdrawn. 

4. Claims 1-15 and 19-35 are pending. 

5. Applicant's arguments filed September 5, 2006, have been fully considered but 
they are not persuasive. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1-3,15,22-24, and 35 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Valois (US Patent Publication No. 2004/0260818) filed June 23, 
2003. 
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Regarding Claims 1 and 22, Valois discloses a method comprising: 

storing authorization data that defines an access control attribute ([0058], 
lines 4-10, Valois) 1 and an associated regular expression specifying a textual 
pattern ([0057], lines 4-9, Valois); 

evaluating a command using the regular expression to determine whether 
the command matches the textual pattern ([0064], lines 1-5,Valois) 2 ; and 

controlling 3 access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 

Regarding Claims 2 and 23, Valois discloses a method wherein controlling 
access comprises 

allowing access to the configuration data when the textual pattern of the 
regular expression matches the command ([0067], lines 1-4, Valois). 

Regarding Claims 3 and 24, Valois discloses a method wherein controlling 
access comprises 

denying access to the configuration data when the textual pattern of the 
regular expression matches the command ([0067], lines 5-9, Valois). 

1 Examiner Notes: Authorization data corresponds to "references" and the definition is an attribute that is 
part of the Access Control List (ACL). 

Examiner Notes: The process of evaluating corresponds to "identifying and assessing". Also "the list of 
rules" corresponds to command. 

3 Examiner Notes: The act of controlling the access is done by the "validation engine", which extracts and 
compares the information to determine if there is a match or not. 
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Regarding Claims 15 and 35, Valois discloses a method wherein 
controlling access comprises controlling access to configuration data of a router 
([0053], lines 6-10, Valois). 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Valois (US Patent Publication No. 2004/0260818) filed June 23, 2003, as applied to 
claims 1-3,15,22-24, and 35 above, and further in view of Mitra (US Patent No. 
6,973,460) filed November 26, 2002. 

Regarding Claim 4, Valois discloses a method for storing authorization 
data ([0058], lines 4-10, Valois). However, Valois does not explicitly disclose 
storing the authorization data as a class that conforms to a class syntax. On the 
other hand, Mitra discloses storing the authorization data as a class that 
conforms to a class syntax (column 8, lines 7-18, Mitra). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to 
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incorporate Mitra's teaching into the Valois system. A skilled artisan would have 
been motivated to combine the two references as suggested by Mitra (column 7, 
lines 48-52), in order for the classes to be annotated such that, at run-time, 
useful information about how the data is organized for each of the various ways 
of storing the data (i.e. configuration) may be extracted from the annotations. As 
a result, this allows for various services to perform operations in accordance with 
the information. 

10. Claims 5-11 and 25-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valois (US Patent Publication No. 2004/0260818) filed June 23, 
2003, in view of Delany (US Patent Publication No. 2002/0156879) filed November 
30,2001. 

Regarding Claims 5 and 25, Valois discloses a method for the evaluation 
of the regular expression ([0064], lines 1-5,Valois). However, Valois does not 
explicitly disclose including a coarse-grain access control attribute within the 
authorization data that defines access control rights for respective groups of 
resources provided by the device, and controlling access to the configuration 
data, based on the coarse-grain access control attribute. On the other hand, 
Delany discloses including a coarse-grain access control attribute ([0118], lines 
1-6, Delany) within the authorization data that defines access control rights for 
respective groups of resources provided by the device ([0161], lines 1-3, Delany), 
and controlling access to the configuration data, based on the coarse-grain 
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access control attribute ([0118], lines 1-6, Delany). It would have been obvious to 
one of ordinary skill in the art at the time of the invention to incorporate Delany's 
teachings into the Valois system. A skilled artisan would have been motivated to 
combine in order to achieve the level of detail at which the data would have been 
considered. Valois and Delany are analogous art because they are from the 
same field of endeavor of relating to a system that provides authorization 
compliance validation with a security policy. As a result, coarse-grain access 
provides higher performance through more optimized protocols and the data 
tends to work on contiguous regions at a time. 

Regarding Claims 6 and 26, the combination of Valois in view of Delany, 
disclose a method wherein the coarse-grain access control attribute comprises a 
set of permission bits, and each of the permission bits is associated with a 
respective group of the resources ([0161], lines 3-5, Delany). 

Regarding Claims 7 and 27, the combination of Valois in view of Delany, 
disclose a method further comprising receiving the command from a client via a 
command line interface ([0199], lines 2-11, Delany) 4 . 

Regarding Claims 8 and 28, the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises evaluating the 
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command in real-time ([0383], lines 9-14, Delany) while the client inputs the 
command via the command line interface ([0199], lines 2-11, Delany). 

Regarding Claims 9 and 29, the combination of Valois in view of Delany, 
disclose a method wherein the configuration data is arranged in the form of a 
multi-level configuration hierarchy having a plurality of objects (Fig. 5, [0142], 
lines 1-2, Delany), and each of the objects represents a portion of the 
configuration data that relates to one or more resources of the device ([0142], 
lines 2-5, Delany). 

Regarding Claims 10 and 30, the combination of Valois in view of Delany, 
disclose a method wherein the objects have respective textual labels ([0143], 
lines 1-4, Delany) and the regular expression defines the textual pattern to match 
the textual labels ([0057], lines 4-9, Valois) of a set of one or more of the objects 
within the configuration hierarchy (Fig. 5, Delany). 

Regarding Claims 1 1 and 31 , the combination of Valois in view, of Delany, 
disclose a method wherein evaluating the command comprises applying the 
regular expression to the command ([0099], lines 1-7, Valois) to determine 
whether the command specifies any of the objects within the set ([0142], lines 2- 
5, Delany). 



4 Examiner Notes: Receiving the command from a client corresponds to "a user can request..." and the 
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11. Claims 12-14,19-21, and 32-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valois (US Patent Publication No. 2004/0260818) June 23, 2003, 
in view of Delany (US Patent Publication No. 2002/0156879) Tiled November 30, 
2001, and further in view of Nelson (US Patent No. 6,243,713) filed August 24, 
1998. 

Regarding Claims 12 and 32, the combination of Valois in view of Delany, 
disclose a method further comprising to automatically insert one or more meta- 
characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). However, 
Valois in view of Delany, do not explicitly disclose pre-processing the regular 
expression. On the other hand, Nelson discloses pre-processing the regular 
expression (column 10, lines 39-50, Nelson). It would have been obvious to one 
of ordinary skill in the art at the time of the invention to incorporate Nelson's 
teachings into the Valois in view of Delany system. A skilled artisan would have 
been motivated to combine the two references as suggested by Nelson (column 
9, lines 60-65), in order to convert component data into a list of distinctive objects 
that represent the original data of the component, this is understood to perform 
data reduction. Pre-processing remove any non-essential information that does 
not substantially add to the quality of the system. As a result, pre-processing 
saves the system time and space for capacity. 



interface corresponds to "GUI". 
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Regarding Claims 13 and 33, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method further comprising: 

receiving the command from a client via a command line interface ([0199], 
lines 2-11, Delany); and 

pre-processing the regular expression (column 10, lines 39-50, Nelson) so 
that the command is evaluated with the regular expression in real-time ([0383], 
lines 9-14, Delany) as the client enters the command ([0199], lines 2-11, Delany). 

Regarding Claims 14 and 34, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method wherein evaluating the 
command comprises evaluating the command with the pre-processed regular 
expression each time the client enters a token indicating a textual break within 
the command (column 17, lines 35-40, Nelson). 

Regarding Claim 19, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method comprising: 

receiving input ([0056], lines 3-7, Valois) defining an access control 
attribute ([0058], lines 4-10, Valois) and an associated regular expression that 
specifies a textual pattern ([0057], lines 4-9, Valois); 
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pre-processing the regular expression (column 10, lines 39-50, Nelson) to 
automatically insert one or more meta-characters into the regular expression 
([0451-0453], lines 1-7, Delany); 

evaluating a command in real-time using the regular expression ([0383], 
lines 9-14, Delany) as a client enters the command via a command line interface 
([01 99], lines 2-1 1 , Delany); and 

controlling access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 

Regarding Claim 20, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method further comprising storing the 
configuration data in the form of a multi-level configuration hierarchy having a 
plurality of objects (Fig. 5, [0142], lines 1-2, Delany), wherein pre-processing the 
regular expression comprises automatically inserting one or more meta- 
characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). 

Regarding Claim 21 , the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method wherein the regular expression 
defines a textual pattern that identifies one or more of the objects within the 
configuration hierarchy, and evaluating the command comprises: 
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applying the regular expression in real-time ([0383], lines 9-14, Delany) to 
determine whether a portion of the command that has been entered by the client 
matches the textual pattern (([0064], lines 1-5,Valois); and 

selectively allowing the client to complete the command based on the 
determination ([0199], lines 2-11, Delany). 

Response to Arguments 

Applicant argues, Valois fails to teach, "storing authorization data that defines an 
access control attribute and an associated regular expression specifying a textual 
pattern". 

Examiner respectfully disagrees. As stated in the action above, Valois discloses 
at [0057-0058], lines 4-8 and lines 4-10, respectively; wherein tests are performed, such 
as pattern-matching techniques, which are exemplified within a test program. The test 
program has an example of a pattern-matching technique such as a Global Regular 
Expression Print searching, which searches files by keyword followed by a string 
comparison. Also, another test program is performed for contextual parsing techniques, 
which is used to extract all references of access control lists in a configuration file. The 
definitions and references of the access control lists are stored in a set of data 
structures. The set of definitions and references are examples of attributes of the 
access control list. Further, Valois discloses at [0055]; wherein the test programs 
discussed are found within a test scripts database, which contains a collections of test 
scripts or expert rules that expresses a security characteristic or policy. Therefore, since 
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the test scripts perform various tests for security purposes, representing authorization 
data; and the different test programs discussed are located within the test scripts are 
representations of authorization data defining an access control attribute and associated 
regular expression specifying a textual pattern. 

Applicant argues, Valois fails to teach, "evaluating a command using the regular 
expression to determine whether the command matches the textual pattern". 

Examiner respectfully disagrees. As stated in the action above, Valois discloses 
at [0064], lines 1-5, wherein the test program is developed to identify and assess (i.e. 
evaluate) access control lists and the access control is a list of rules describing what is 
allowed or denied. The list of rules corresponds to the command being evaluated. To 
further elaborate, Valois discloses at [0099]; wherein an extraction process is performed 
using a command tool such as the Global Regular Expression Print. As stated earlier 
the Global Regular Expression Print is a pattern-matching technique. Thereby 
disclosing the step of evaluating a command using the regular expression to determine 
whether the command matches the textual pattern. 

Applicant argues, Valois fails to teach, "controlling access to configuration data of 
a device based on the evaluation of the command". 

Examiner respectfully disagrees. As stated in the action above, Valois discloses 
at [0066], lines 1-9; wherein the validation engine extracts references from the 
configuration repository database and performs a comparison matching to determine 
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whether the references object matches the defined object. The process of extracting 
and comparing correspond to the act of controlling access to the configuration data. 
Also, as a further clarification of the accessing, Valois shows at [0065]; wherein the test 
programs (discussed earlier with reference to the steps of the authorization data along 
with evaluating) implement the security policy requiring all definitions be references and 
vice versa, as well as performing a comparison of any kind of object. The specified 
citation demonstrates how the access can be controlled in order to later have the ability 
of entering the configuration data. Finally, Valois discloses more details of controlling 
the access at [0067]; wherein if a match is found the program succeeds and if a match 
is not found, the program fails. 

In regards to claims 2 and 3, applicant argues, "Valois fails to anticipate the claim 
requirements because Valois provides no teaching of actually controlling access to 
configuration data of a device", along with clarifying how the "pass" result could teach 
denying access to the configuration data when the textual pattern of the regular 
expression matches the command. 

Examiner respectfully disagrees. As stated in the arguments above, Valois does 
anticipate the requirements of disclosing the step of controlling access to the 
configuration data of a device. Also, Valois discloses at [0067]; wherein if an exact 
match is found a "pass" is the outcome, as well as if the match is not exactly equal, then 
a "fail" is the outcome. However, a list of all the objects are referenced but undefined, 
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and a list of all objects are defined but unreferenced, which shows that some of the 
programs were adequate in order to provide an alternative list. 

Applicant argues, in regards to claim 4, "examiner points to no evidence in any of 
the references of record, as to technically how or for what reason a single class could 
be used to store disparate information". 

Examiner respect disagrees. In response to applicant's argument that there is no 
suggestion to combine the references, the examiner recognizes that obviousness can 
only be established by combining or modifying the teachings of the prior art to produce 
the claimed invention where there is some teaching, suggestion, or motivation to do so 
found either in the references themselves or in the knowledge generally available to one 
of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 
1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, 
examiner stated within the office action, Mitra discloses at column 7, lines 48-52; 
wherein in order for the classes to be annotated such that, at run-time, useful 
information about how the data is organized for each of the various ways of storing the 
data (i.e. configuration) may be extracted from the annotations. Examiner believes this 
explanation alone provides efficient evidence to support the combination of the Mitra 
reference into the Valois reference. However, Mitra provides further explanations at 
column 8, lines 30-46; wherein a SecureldentifiedObject is the base class and 
permissions (i.e. authorization data) may be an access control list, which allow users to 
review or edit secured elements. Also, Mitra discloses at column 19, lines 1-28; wherein 
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an XML framework provides classes to represent the data relied upon for the 
permissible values. An example of constructs to be used is the regular expression 
patterns for data to conform to. As a result, Mitra exudes the desired elements of Valois, 
along with the need of using a class syntax. 

In regards to claim 5, applicant argues there is no teaching in the combination of 
references for controlling access using authorization data that defines both a coarse- 
grain access control attribute as well as a regular expression for evaluation of a 
command. 

Examiner respectfully disagrees. As stated in the action above, the combination 
of Valois in view of Delany disclose the limitations of claims 5, specifically Delany 
discloses at [01 18]; wherein authentication and authorization decisions are based on 
policy domains. Specifically, policy domains are host names and URL's which specify 
the coarse-grain portion of the given policy domain. Therefore, since Valois was relied 
upon earlier for disclosing the authorization data defining the regular expression of a 
command, Delany's authorization decisions are relied upon for including the coarse- 
grain portion. 

In regards to claim 7, applicant argues Delany does not provide a command-line 
interface. 

Examiner respectfully disagrees. As stated in the action above, Delany discloses 
at [0199], lines 2-1 1 ; wherein a user can request to create an object (i.e. command) via 
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a graphical user interface. A graphical user interface is an operating system, which uses 
icons and menus with a pointing device to execute commands. Delany also discloses at 
[0124], lines 9-13; wherein other operating systems are described which can be used 
within the invention such as UNIX. 

In regards to claim 8, applicant argues, "Delany has nothing whatsoever to do 
with evaluation of commands at all, and provides no teaching or suggestion as to how 
commands could be evaluated in real-time while the commands are being entered using 
a command-line interface". 

Examiner respectfully disagrees. In response to applicant's arguments against 
the references individually, one cannot show nonobviousness by attacking references 
individually where the rejections are based on combinations of references. See In re 
Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 
231 USPQ 375 (Fed. Cir. 1986). Specifically, applicant argues Delany has nothing to do 
with the evaluation of commands; however, Valois was relied upon within prior claims to 
disclose the limitation of the evaluation of commands. Therefore, the combination of 
Valois in view of Delany, were relied upon for the claim 8 limitations. Specifically, 
Delany is relied upon at [0383], lines 9-14, for disclosing a real-time protocol. Also, the 
limitation of the commands being entered using a command-line interface is discussed 
in the remarks above. Therefore, the combination of Valois in view of Delany, disclose 
evaluated the command in real-time while the client inputs the commands via the 
command-line interface. 
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In regards to claim 9, applicant argues, Valois in view ofDelany fail to teach "the 
configuration data being arranged in the form of a multi-level configuration hierarchy 
having a plurality of objects, and each of the objects represents a portion of the 
configuration data that relates to one or more resources of the device". 

Examiner respectfully disagrees. As stated in the action above, Delany discloses 
a hierarchy tree at Fig. 5 and at [0142], wherein the tree is a directory structure, which 
includes an identity profile with a plurality of users, groups, and organizations. Also, 
Valois was relied upon earlier for the disclosure of the configuration data of a network 
device. Therefore, the combination of Valois in view of Delany, disclose the limitations 
of claim 9. 

In regards to claims 10-11, applicant argues, Delany is not describing 
configuration data and one would not modify the regular expression of the Valois testing 
tool to match labels for configuration data. 

Examiner respectfully disagrees. In regards to applicants argument that Delany 
does not describe configuration data, see the remarks above with reference to claim 8. 
Also, as stated above Delany discloses at [0143], lines 1-4, which discloses the different 
objects of the hierarchy tree comprising textual labels (i.e. distinguished names). Each 
distinguished name uniquely identifies the node within the tree, thereby allowing the 
distinguished name to represent the node, which is being matched to the textual pattern 
as relied upon by Valois. 
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In regards to claim 13, applicant argues, "(1) Delany describes a graphical user 
interface and provides no suggestion of any form of textual command, (2) Nelson 
describes pre-processing text within a document and not pre-processing a regular 
expression, and (3) Delany' s use of a protocol to determine the current status of a 
digital certificate provides no teaching of actually evaluating commands in real-time". 

Examiner respectfully disagrees. (1) As stated in the remarks above, Delany 
does provide receiving the command from a command-line interface. (2) As stated in 
the action above, Nelson discloses at column 10, lines 39-63; wherein text pre- 
processing is performed. The text is tokenized (i.e. divided a block of text into tokens) 
and special sequences of tokens called idioms are recognized by matching the 
sequences. Also, Nelson discloses at column 17, lines 35-40, wherein words with 
specified patterns, such as UNIX-style regular expressions (or the idioms), the list of 
tokens are scanned and checked against the pattern. Lastly, (3) as stated in the 
remarks above, Delany's disclosure of evaluating the command in real-time is just and 
detailed. 

In regards to claim 14, applicant argues, Nelson does not describe using regular 
expressions to evaluate commands entered by the user, let alone in real-time as the 
command is being entered. 

Examiner respectfully disagrees. As stated in the action above, Nelson discloses 
at column 17, lines 35-40, wherein words with specified patterns, such as UNIX-style 
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regular expressions, are scanned and checked against the pattern. Further explanations 
are provided above with reference to claim 13. The arguments with reference to the 
command being entered by the user and in real-time has been addressed in the 
remarks above. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Points of Contact 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chelcie Daye whose telephone number is 571-272- 
3891 . The examiner can normally be reached on M-F, 7:00 - 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jeffrey Gaffin can be reached on 571-272-4146. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
Chelcie Daye 

Patent Examiner , / 



Technology Center 2100 
November 20, 2006 
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